Sapio's software is intended to collect the data necessary to accomplish a customer's LIMS and ELN goals. This may include metrics/data used for proprietary laboratory goals, users' personal data such as name, title, email, and Protected Health Information (PHI) in some clinical instances. Sapio also records an audit trail of all data changes made by users of the system and the date/time in which they were made.
We process Customer Data in accordance with Customer’s instructions, including any applicable terms in a customer’s agreement with Customer and Customer’s use of Sapio's functionality, and as required by applicable law. Sapio Sciences is a processor of customer data and the customer is the controller. This data may be used to perform customer specific requirements of the software such as calculations, process tracking, sample, storage, and reagent inventory, etc., to follow the instructions of the customer who submitted the data, or in response to contractual requirements with our customers. This data is encrypted if Sapio Sciences provides the hosting. This data is in the control of the customer in the case where they install Sapio on premise within their own administrator controlled environments.
Sapio Sciences uses a limited number of third party providers to assist in providing consulting and hosting services. These third party providers may be contractually requested by the customer or Sapio for consulting or IT services, or on behalf of Sapio to fulfill business requirements. We accept certain liability for data that is transferred to third parties on our behalf provided that data was not accessed improperly. The third parties are as follows:
- AWS Hosting: AWS Privacy
- Google Analytics: Google Privacy
- Zifo RnD Solutions: Zifo Privacy
- Stripe: Stripe Privacy
Sapio will not disclose/share personal information outside of these third party providers. Individuals may request that their personal information not be shared with these entities by contacting the customer who owns the Sapio software that houses their data. Alternatively, individuals may also email firstname.lastname@example.org to make this request and Sapio will work with the customer to ensure steps to prevent their personal data from being accessed in accordance with the individual's request.
Questions or Complaints
Sapio Sciences LLC
400 East Pratt St, Suite 800
Baltimore, MD 21202
We will work with you to resolve your issue.
We commit to cooperate with competent EU, Swiss and UK data protection authorities (DPAs) with regard to our customers end users’ human resources data and non-human resources data transferred from a European country.
Right of Access
Initial requests to Sapio Sciences for data access, correction, amendment, or deletion by an individual with personal data held within an instance of the Sapio software will be directed to the customer of the Sapio software since they will administrate access control to their own data. The individual will be informed to contact the customer and Sapio will provide contact information if needed. The individual will be alerted to contact us again if they are unsuccessful in contacting and obtaining the needed data with the customer.
If the individual is unsuccessful in retrieving the needed data from the customer and contacts Sapio again, we will collect the individual's contact information and reason for the request. The individual will be informed that we will alert the customer to the request.
Sapio Sciences will make a best effort attempt to contact the customer on behalf of the individual and pass them the individual's information and request. We will alert the customer that the requesting individual was unsuccessful in retrieving the data through the customer previously. On many occasions, the customer will elect to the handle the rest of this for us.
In the event the customer passes the responsibility to Sapio Sciences to address the individual's request, we will contact the individual and request they provide verification of their identity by providing a scan of a government issued ID. The individual will be alerted that Sapio will retrieve the information on behalf of the customer.
Once the individual's ID is verified, we will provide the requesting individual with a csv copy of the requested data or will perform legally required actions as requested by the individual.
Requirement to Disclose
We may disclose personal data when we have a good faith belief that such action is necessary to: conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements; or to enforce our contractual obligations.